X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=2bf90c7c11c87c197ac10ef0c7f67f9970d382c3;hb=82efd346ca1500048366eac43d191c1a2a7d01fc;hp=376d62da6f91a6227949952059d6fe34d5aa3b4d;hpb=f1a48dc8cd819d2700a3e96e7c3797bdbc60901c;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 376d62da6..2bf90c7c1 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -117,7 +117,7 @@ domainlist handled_domains = +local_domains : +virtual_domains : +bsmtp_domains localpartlist local_only_users = lsearch;/etc/exim4/localusers -localpartlist postmasterish = postmaster : abuse : hostmaster : root +localpartlist postmasterish = postmaster : abuse : hostmaster hostlist debianhosts = 127.0.0.1 : /var/lib/misc/thishost/debianhosts @@ -189,6 +189,7 @@ check_spool_space = 20M delay_warning = <%- if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? -%> +message_body_visible = 5000 queue_run_max = 50 deliver_queue_load_max = 50 queue_only_load = 35 @@ -247,16 +248,16 @@ received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n # macro definitions. # Do not wrap! VDOMAINDATA = ${lookup{$domain}partial-lsearch{/etc/exim4/virtualdomains}{$value}} -WHITELIST = ${if match_domain{$domain}{+virtual_domains}{\ - ${if exists {/srv/$domain/mail/whitelist}{\ - ${lookup{$local_part}lsearch{/srv/$domain/mail/whitelist}{$value}{}}\ - }{}}\ - }{${lookup{$local_part}lsearch{/etc/exim4/whitelist}{$value}{}} : ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-whitelist}{$value}{}}}} +WHITELIST = ${if match_domain{$domain}{+virtual_domains}\ + {${if exists {${extract{directory}{VDOMAINDATA}{${value}/whitelist}}} + {${lookup{$local_part}lsearch{${extract{directory}{VDOMAINDATA}{${value}/whitelist}}}{$value}{}}}{}}}\ + {${lookup{$local_part}lsearch{/etc/exim4/whitelist}{$value}{}}}} : \ + ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-whitelist}{$value}{}} GREYLIST_LOCAL_PARTS = ${if match_domain{$domain}{+virtual_domains}\ - {${if exists {${extract{directory}{VDOMAINDATA}{${value}/grey_users}}}\ - {${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/grey_users}}}{$local_part}{}}}{}}}\ - {${lookup{$local_part}lsearch{/etc/exim4/grey_users}{$local_part}{}} : \ - ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-greylist}{$local_part}{}}}} + {${if exists {${extract{directory}{VDOMAINDATA}{${value}/grey_users}}}\ + {${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/grey_users}}}{$local_part}{}}}{}}}\ + {${lookup{$local_part}lsearch{/etc/exim4/grey_users}{$local_part}{}}}} : \ + ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-greylist}{$local_part}{}} RT_QUEUE_MAP = /srv/rt.debian.org/mail/rt_queue_map ###################################################################### @@ -338,27 +339,39 @@ acl_getprofile: warn domains = +virtual_domains condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}} condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{markup}} - log_message = $local_part@$domain: markup set acl_m_rprf = markup accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} - warn condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{markup}} - log_message = $local_part@$domain: markup + warn domains = +virtual_domains + condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}} + condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{blackhole}} + set acl_m_rprf = blackhole + + accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + + warn domains = +virtual_domains + condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction.cdb}}}} + condition = ${if eq{${lookup{$local_part}cdb{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction.cdb}}}{$value}{}}}{markup}} set acl_m_rprf = markup accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} - warn condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{blackhole}} - log_message = $local_part@$domain: blackhole + warn domains = +virtual_domains + condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction.cdb}}}} + condition = ${if eq{${lookup{$local_part}cdb{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction.cdb}}}{$value}{}}}{blackhole}} set acl_m_rprf = blackhole accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} - warn domains = +virtual_domains - condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}} - condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{blackhole}} - log_message = $local_part@$domain: blackhole + warn domains = +local_domains + condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{markup}} + set acl_m_rprf = markup + + accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + + warn domains = +local_domains + condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{blackhole}} set acl_m_rprf = blackhole accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} @@ -564,7 +577,7 @@ check_recipient: # disabled accounts don't even get local mail. deny domains = +virtual_domains local_parts = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/mail-disable}}}\ - {${extract{directory}{VDOMAINDATA}{${value}/mail-disable}}}\ + {lsearch;${extract{directory}{VDOMAINDATA}{${value}/mail-disable}}}\ {}} message = ${lookup{$local_part}lsearch{${extract{directory}{VDOMAINDATA}{${value}/mail-disable}}}{$value}} @@ -601,6 +614,7 @@ check_recipient: message = mail from <$sender_address> not allowed externally deny sender_domains= +virtual_domains + condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/localusers}}}} condition = ${lookup{$sender_address_local_part}lsearch{${extract{directory}{VDOMAINDATA}{${value}/localusers}}}{true}} hosts = !+debianhosts message = mail from <$sender_address> not allowed externally @@ -807,11 +821,11 @@ check_recipient: <%- if nodeinfo['smarthost'].empty? -%> deny domains = +handled_domains - local_parts = ${if match_domain{$domain}{+virtual_domains}\ - {${if exists {${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}\ - {${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}{$local_part}{}}}{}}}\ - {${lookup{$local_part}lsearch{/etc/exim4/callout_users}{$local_part}{}} : \ - ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-callout}{$local_part}{}}}} + local_parts = ${if match_domain{$domain}{+virtual_domains}\ + {${if exists {${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}\ + {${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}{$local_part}{}}}{}}}\ + {${lookup{$local_part}lsearch{/etc/exim4/callout_users}{$local_part}{}}}} : \ + ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-callout}{$local_part}{}} !hosts = +debianhosts : WHITELIST !verify = sender/callout=90s,maxwait=300s @@ -983,7 +997,7 @@ check_message: begin rewrite -\N^buildd_(.*)@ries\.debian\.org$\N buildd_$1@buildd.debian.org T +\N^buildd_(.*)@franck\.debian\.org$\N buildd_$1@buildd.debian.org T \N^buildd_(.*)@klecker\.debian\.org$\N buildd_$1@buildd.debian.org T *@debian.org ${lookup{$1}cdb{/var/lib/misc/${primary_hostname}/mail-forward.cdb}{$value}fail} T *@people.debian.org ${lookup{$1}cdb{/var/lib/misc/${primary_hostname}/mail-forward.cdb}{$value}fail} T @@ -1192,11 +1206,13 @@ ldap_aliases: driver = redirect allow_defer allow_fail - data = ${if exists{/var/lib/misc/$primary_hostname/mail-forward.cdb}\ + data = ${if exists{/var/lib/misc/$primary_hostname/user-forward.cdb}\ {${lookup{$local_part}cdb\ - {/var/lib/misc/$primary_hostname/mail-forward.cdb}}}} + {/var/lib/misc/$primary_hostname/user-forward.cdb}}}} domains = +local_domains file_transport = address_file + local_part_suffix = -* + local_part_suffix_optional headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}" pipe_transport = address_pipe retry_use_local_part @@ -1207,6 +1223,8 @@ localuser: driver = accept check_local_user domains = +local_domains + local_part_suffix = -* + local_part_suffix_optional headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}" # Disable if the user has never logged in require_files = $home @@ -1235,32 +1253,6 @@ packages: no_more <%- end -%> -<%= -out = "" -if nodeinfo['bugsmaster'] or nodeinfo['bugsmx'] - domain = 'bugs.debian.org' - if nodeinfo['bugsmaster'] - domain = 'bugs-master.debian.org' - end - out = ' -# This router delivers for bugs.d.o -bugs: - debug_print = "R: bugs for $local_part@$domain" - driver = accept - transport = bugs_pipe - domains = ' + domain + ' - cannot_route_message = Unknown or archived bug - require_files = /org/bugs.debian.org/mail/run-procmail - no_more - local_parts = ${if match\ - {$local_part}\ - {\N^(\d+)(\d{2})(?:-(?:(?:submit|maintonly|quiet|forwarded|done|close|request|submitter)|(?:unsubscribe|ignore|help|(?:sub(?:scribe|help|yes|approve|reject))|unsubyes|bounce|probe|approve|reject|setlistyes|setlistsilentyes).*))?$\N}\ - {${if exists{/org/bugs.debian.org/spool/db-h/$2/$1$2.summary}\ - {$local_part}fail}}fail} -' -end -out -%> <%- if nodeinfo['rtmaster'] -%> # This router delivers for rt.d.o rt_force_new_verbose: @@ -1317,6 +1309,8 @@ virt_direct_verify: modemask = 002 directory_transport = address_directory domains = +virtual_domains + local_part_suffix = -* + local_part_suffix_optional file = $home/.forward-\ ${if exists {${home}/.forward-${local_part}}{${local_part}}\ {default}} @@ -1369,6 +1363,8 @@ virt_direct: group = ${extract{group}{VDOMAINDATA}} headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}" modemask = 002 + local_part_suffix = -* + local_part_suffix_optional pipe_transport = address_pipe reply_transport = address_reply retry_use_local_part @@ -1387,7 +1383,6 @@ virt_users: allow_fail router_home_directory = ${extract{directory}{VDOMAINDATA}} transport_current_directory = ${extract{directory}{VDOMAINDATA}} - file = ${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}} user = ${extract{user}{VDOMAINDATA}} group = ${extract{group}{VDOMAINDATA}} data = ${if exists{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}\ @@ -1397,8 +1392,36 @@ virt_users: file_transport = address_file headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}" pipe_transport = address_pipe + local_part_suffix = -* + local_part_suffix_optional retry_use_local_part +<%= +out = "" +if nodeinfo['bugsmaster'] or nodeinfo['bugsmx'] + domain = 'bugs.debian.org' + if nodeinfo['bugsmaster'] + domain = 'bugs-master.debian.org' + end + out = ' +# This router delivers for bugs.d.o +bugs: + debug_print = "R: bugs for $local_part@$domain" + driver = accept + transport = bugs_pipe + domains = ' + domain + ' + cannot_route_message = Unknown or archived bug + require_files = /org/bugs.debian.org/mail/run-procmail + no_more + local_parts = ${if match\ + {$local_part}\ + {\N^(\d+)(\d{2})(?:-(?:(?:submit|maintonly|quiet|forwarded|done|close|request|submitter)|(?:unsubscribe|ignore|help|(?:sub(?:scribe|help|yes|approve|reject))|unsubyes|bounce|probe|approve|reject|setlistyes|setlistsilentyes).*))?$\N}\ + {${if exists{/org/bugs.debian.org/spool/db-h/$2/$1$2.summary}\ + {$local_part}fail}}fail} +' +end +out +%> ###################################################################### # TRANSPORTS CONFIGURATION # ######################################################################